
Email marked as SPAM - How to know why?

Hello guys,

We currently have one Sophos SG210 with Email protection activated.

SPAM filter (in Antispam tab) is on and behavior is to warn our users with a [SPAM] tag.

However, a user reported to me that several emails from DHL (shipment confirmation - no attachment / only text) were in her "Junk email" folder.

Is there a way to get information on why these emails were marked as [SPAM] by the SPAM filter? I tried to consult the logs but don't see these mails as SPAM, and in the mail manager they are marked as delivered (which is true in fact, but they were tagged).

Kind Regards,

DeltaSM



  • For most items, the answer is No. UTM forwards a hash of the message to the spam service and gets back a result. As a result, the inner workings of the spam engine decision process are not visible. In the logs, you can look for dkim_status="value" (DKIM result), ctasd_status="value" (spam engine result) and reason="value". Most likely, you will simply see ctasd_status="confirmed".

    There is also a token for ctasd_params="value", but I have not found it to contain anything useful.
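
The tokens named in the answer above can be pulled out of an exported SMTP log with a short script, which also flags messages that carry no spam-engine verdict at all. This is an added example, not part of the original thread or Sophos code; the sample lines are constructed, and the `id`/`from` fields and every value other than `confirmed` are assumptions.

```python
import re
from collections import Counter

# Token names taken from the answer above.
TOKENS = ("dkim_status", "ctasd_status", "reason", "ctasd_params")
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')
NO_VERDICT = "<no ctasd_status logged>"

# Constructed sample lines, not real UTM output. The key="value" layout,
# the id/from fields and all values except "confirmed" are assumptions.
SAMPLE_LOG = """\
2024-01-15T09:12:01 smtp: id="1000" from="noreply@shipping.example" dkim_status="pass" ctasd_status="confirmed" reason="placeholder" ctasd_params=""
2024-01-15T09:14:37 smtp: id="1001" from="noreply@shipping.example" size="4312"
2024-01-15T09:20:05 smtp: id="1002" from="news@other.example" dkim_status="none" ctasd_status="confirmed"
"""

def parse_line(line):
    """Return every key="value" pair on one log line as a dict."""
    return dict(PAIR_RE.findall(line))

def explain(log_text, sender_substring):
    """List the verdict tokens logged for messages from a matching sender."""
    results = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if sender_substring.lower() not in fields.get("from", "").lower():
            continue
        found = {k: fields[k] for k in TOKENS if k in fields}
        results.append({
            "id": fields.get("id"),
            "tokens": found,
            # False means the log says nothing about the spam engine's result
            "has_verdict": "ctasd_status" in found,
        })
    return results

def summarize(results):
    """Count messages per ctasd_status value, including those with none."""
    return Counter(r["tokens"].get("ctasd_status", NO_VERDICT) for r in results)

if __name__ == "__main__":
    hits = explain(SAMPLE_LOG, "shipping.example")
    for r in hits:
        print(r["id"], r["tokens"] or NO_VERDICT)
    print(dict(summarize(hits)))
```
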

  • @Jason: in my case, emails are not rejected by lists like abuseat, etc. during the SMTP transaction. My problem is with the "SPAM filter".

    @Douglas: thank you for your answer. Indeed, for some SPAMs I see some information about dkim, ctasd, etc. Unfortunately, for the SPAM messages concerned, I have no further information in the log files :(

    As you confirmed, and as I supposed, there is no way to have detailed information. It's not a big deal but it could be very annoying sometimes.

    Case can be closed :)